SHA256: 4eebae5ad3afd9ed10fec7bd93a6112e0e4651dd5d455c07162bf910251c16a5
File name: Nc
Detection ratio: 45 / 68
Analysis date: 2018-09-17 00:10:03 UTC ( 6 days, 4 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40407528 20180913
AhnLab-V3 Malware/Win32.Milicry.C2709663 20180916
ALYac Spyware.LokiBot 20180916
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180916
Arcabit Trojan.Generic.D26891E8 20180916
Avast Win32:Malware-gen 20180916
AVG Win32:Malware-gen 20180916
Avira (no cloud) HEUR/AGEN.1033347 20180916
AVware Trojan.Win32.Generic!BT 20180916
BitDefender Trojan.GenericKD.40407528 20180916
CAT-QuickHeal Trojan.IGENERIC 20180915
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180917
Cyren W32/Trojan.CSQD-7016 20180916
DrWeb Trojan.PWS.Stealer.21240 20180916
Emsisoft Trojan.GenericKD.40407528 (B) 20180916
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKFB 20180916
F-Secure Trojan.GenericKD.40407528 20180916
Fortinet W32/Androm.CIKY!tr.bdr 20180916
GData Trojan.GenericKD.40407528 20180916
Ikarus Trojan-Banker.Ramnit 20180916
Sophos ML heuristic 20180717
Jiangmin Backdoor.Androm.abjb 20180916
K7AntiVirus Trojan ( 0053aad91 ) 20180916
K7GW Trojan ( 0053aad91 ) 20180916
Kaspersky Backdoor.Win32.Androm.qgbf 20180916
Malwarebytes Spyware.LokiBot 20180916
MAX malware (ai score=100) 20180917
McAfee RDN/Generic BackDoor 20180916
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.bh 20180917
Microsoft Trojan:Win32/Tiggre!rfn 20180916
eScan Trojan.GenericKD.40407528 20180916
Palo Alto Networks (Known Signatures) generic.ml 20180917
Panda Trj/GdSda.A 20180916
Qihoo-360 Win32/Backdoor.f3b 20180917
Sophos AV Mal/Generic-S 20180916
Symantec Trojan Horse 20180916
Tencent Win32.Backdoor.Androm.Pefi 20180917
TrendMicro Mal_MiliCry-1 20180916
TrendMicro-HouseCall Mal_MiliCry-1 20180916
VBA32 BScope.Trojan.Yakes 20180914
VIPRE Trojan.Win32.Generic!BT 20180916
Zillya Trojan.GenericKD.Win32.158125 20180914
ZoneAlarm by Check Point Backdoor.Win32.Androm.qgbf 20180916
AegisLab 20180916
Alibaba 20180713
Avast-Mobile 20180916
Babable 20180907
Baidu 20180914
Bkav 20180915
ClamAV 20180916
CMC 20180916
Comodo 20180916
Cybereason 20180225
eGambit 20180917
F-Prot 20180916
Kingsoft 20180917
NANO-Antivirus 20180916
Rising 20180916
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180916
TheHacker 20180914
TotalDefense 20180915
Trustlook 20180917
ViRobot 20180916
Webroot 20180917
Yandex 20180915
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©Delphi Automotive. All rights reserved.

Product Nc
Original name Nc.exe
Internal name Nc
Description Brightest Upgraded First Started
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-16 18:23:04
Entry Point 0x00051019
Number of sections 4
PE sections
Overlays
MD5 692c8022360661692872fdc730517229
File type ASCII text
Offset 805888
Size 3
Entropy 1.58
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
SetFileSecurityA
AuthzReportSecurityEvent
AuthzOpenObjectAudit
GetOpenFileNameA
GetFileTitleA
SetMapMode
GetWindowOrgEx
CreateMetaFileA
GetNearestColor
GetTextMetricsA
CombineRgn
GetROP2
GetViewportOrgEx
GetObjectType
GetTextExtentPointA
EndDoc
IntersectClipRect
GetTextFaceA
CreateEllipticRgn
GetPolyFillMode
GetDIBits
SetTextAlign
StretchDIBits
ScaleViewportExtEx
CloseMetaFile
Arc
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
SetStretchBltMode
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
BitBlt
GetObjectA
CreateFontA
SetAbortProc
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
SetROP2
EndPage
GetTextColor
Escape
SetWindowExtEx
DeleteObject
SetGraphicsMode
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
CreatePatternBrush
CreateBitmap
RectVisible
GetStockObject
GetBkMode
ExtTextOutA
UnrealizeObject
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
GetRgnBox
SaveDC
RestoreDC
CreateSolidBrush
SelectClipPath
CreateDIBSection
SetTextColor
MoveToEx
SetViewportOrgEx
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
SetPolyFillMode
Ellipse
GetStretchBltMode
DPtoLP
CopyMetaFileA
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
lstrcmpW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
OpenFileMappingA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
MultiByteToWideChar
SetStdHandle
GetFileTime
GetCPInfo
GetOverlappedResult
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
SetConsoleScreenBufferSize
RaiseException
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
GlobalFindAtomA
GetProfileIntA
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
DeleteFileA
GetWindowsDirectoryA
DeleteFileW
GlobalLock
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
GetProfileStringA
CompareStringA
GetTempFileNameA
DuplicateHandle
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SetConsoleCP
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
SizeofResource
LoadLibraryW
WideCharToMultiByte
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
Sleep
GetFileAttributesExA
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
RpcStringFreeA
UuidToStringA
UuidCreate
CM_Remove_SubTree
SetupDiGetClassDevsA
CM_Delete_Range
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
PathFindExtensionA
PathAddBackslashA
PathIsUNCA
PathRemoveFileSpecW
PathStripToRootA
PathFindFileNameA
PathFileExistsA
MapWindowPoints
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
MoveWindow
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetWindowContextHelpId
SetScrollPos
InSendMessage
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetActiveWindow
LockWindowUpdate
ScrollWindow
GetWindowTextA
InvalidateRgn
GetKeyState
PtInRect
GetMessageA
GetParent
MapDialogRect
UpdateWindow
SetPropA
EqualRect
EnumWindows
GetClassInfoExA
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
GetMenuState
GetTabbedTextExtentA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
InsertMenuItemA
LoadStringA
SetParent
IsZoomed
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
CreateMenu
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
ClipCursor
GetMenuItemInfoA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
EndDialog
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
BeginDeferWindowPos
GetDesktopWindow
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
PostThreadMessageA
WindowFromDC
ReleaseDC
IntersectRect
GetScrollInfo
LoadMenuA
CharNextA
GetCapture
SetWindowTextA
MessageBeep
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
ShowScrollBar
AppendMenuA
GetPropA
SetMenu
SetDlgItemTextA
SetRectEmpty
GetMenuStringA
RegisterWindowMessageA
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
GetTopWindow
OemKeyScan
IsWindowVisible
UnpackDDElParam
GetDCEx
WinHelpA
SetRect
DeleteMenu
InvalidateRect
TranslateAcceleratorA
ValidateRect
IsRectEmpty
GetClassNameA
GetFocus
wsprintfW
ModifyMenuA
GetAncestor
UnhookWindowsHookEx
SetCursor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
DrawThemeIcon
DrawThemeParentBackground
DrawThemeBackground
GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
ConnectToPrinterDlg
__WSAFDIsSet
socket
inet_addr
ioctlsocket
WSAStartup
gethostbyname
WSACleanup
htons
closesocket
select
OleLockRunning
OleCreateMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
CreateFileMoniker
CreateStreamOnHGlobal
CreateItemMoniker
RevokeDragDrop
IsAccelerator
OleRegGetMiscStatus
RegisterDragDrop
StringFromCLSID
CoRegisterMessageFilter
OleDuplicateData
CLSIDFromString
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CoGetClassObject
CoRegisterClassObject
OleRegGetUserType
OleInitialize
CoLockObjectExternal
CoDisconnectObject
CoCreateInstance
OleRegEnumVerbs
StgOpenStorage
OleIsCurrentClipboard
OleRun
StgIsStorageFile
CoTaskMemAlloc
CoInitializeEx
StgCreateDocfile
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CoUninitialize
OleSaveToStream
CLSIDFromProgID
WriteClassStg
CoFreeUnusedLibraries
ReleaseStgMedium
CreateBindCtx
OleIsRunning
CoGetMalloc
GetRunningObjectTable
OleFlushClipboard
WriteClassStm
CoTaskMemFree
CreateGenericComposite
Number of PE resources by type
Struct(3000) 10
RT_GROUP_CURSOR 10
RT_STRING 9
RT_ICON 7
Struct(998) 6
RCDATA 3
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 49
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Languages
English

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.9.3.6

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Brightest Upgraded First Started

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
369664

PrivateBuild
4.9.3.6

EntryPoint
0x51019

OriginalFileName
Nc.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Delphi Automotive. All rights reserved.

TimeStamp
2018:08:16 19:23:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Nc

ProductVersion
4.9.3.6

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Delphi Automotive

CodeSize
435200

ProductName
Nc

ProductVersionNumber
4.9.3.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b1926651d39380e38726e9737bfaf194
SHA1 86872ff04f8e12ddc7f0d08a7d4577afee247e0d
SHA256 4eebae5ad3afd9ed10fec7bd93a6112e0e4651dd5d455c07162bf910251c16a5
ssdeep
12288:iiasN8Sx/cz5G8J6Tfh5Ah7MnRnhfki17f7KI1O7HHH1IDHdxwIG/nKQ8:6sNtxEFsTfh67MRhkOm1cdTG/nKT

authentihash ab0b86a8bff12269b6083f60f23cb0ab60adae7e6427a3c0f487121a8d7933ad
imphash 56104ec6046f4ca295e758a6cd912bab
File size 787.0 KB ( 805891 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-08-19 02:12:26 UTC ( 1 month ago )
Last submission 2018-08-19 02:12:26 UTC ( 1 month ago )
File names Nc.exe
Nc
e.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.